Entries of June, 2010

Today I am releasing version 0.5 of my Simple SQL Injection Vulnerability Scanner. [Download here] It contains all the features of the first released version (0.3) and, in addition, a column fuzzer. Simply start a scan with python sqli_scanner.py -u “target” and then start fuzzing with the parameter -fuzz […]


Please view the original advisory here. The “Membership Site Script” is exposed to SQL injection attacks.
>> #1 SQL Injection
target/view.php?id=[SQL Injection]


Please view the original advisory here. The “Daily Inspirational Quotes Script” fails to properly sanitize user input and is therefore exposed to SQL injection attacks.
>> #1 SQL Injection
target/tellafriend.php?id=[SQL Injection]


Please view the original advisory here. The “Joke Website Script” is exposed to SQL Injection and Cross-Site Scripting attacks.
>> #1 SQL Injection
target/search.php?submit=Search&keyword=[SQLi]
>> #2 Cross-Site Scripting
target/search.php?submit=Search&keyword=[XSS]


Please download the original advisory here. The “E-Book Store” is exposed to SQL injection attacks.
>> #1 SQL Injection
target/search.php?search=Search&keyword=[SQL Injection]


Please view the original advisory here. The “Lyrics Script” suffers from various SQL Injection and Cross-Site Scripting vulnerabilities.
>> #1 SQL Injection
target/search_results.php?search=Search&k=[SQL Injection]
target/browse_artist.php?letter=[SQL Injection]
target/browse_song.php?letter=[SQL Injection]
>> #2 Cross-Site Scripting
target/search_results.php?search=Search&k=[XSS]


Please view the original advisory here. The Dijitals CMS suffers from several XSS vulnerabilities. Built-in filters try to prevent XSS, SQL injection and local and remote file inclusion. The XSS filters can be tricked, e.g. by using String.fromCharCode.


Today I am releasing my Simple Log File Analyzer 1.0. [Download here]
Description
The Simple Log File Analyzer helps you detect possible hack attempts within the log files of your web server.
Features
– Error handling
– Scan a log file for four different attack types
– Display a short scan report
– Write scan […]


Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3 rather than 1.0, since it does not yet contain many features). [Download here]
Description
The Simple SQL Injection Vulnerability Scanner helps you find SQL injection vulnerabilities within your website. Simply provide a URL and let the tool do all the work.
Features
– Scan a […]


Well, most readers of the official xen.org blog already know it, but for many other people it will be a little surprise: Stephen Spector just presented the official xen.org mascot: Xen.org Mascot Completed. I simply love it; Brian J. Hall is really an excellent artist and this work is just awesome! I […]
